Among all the threats that are present on the network, TrickBot has given security investigators many headaches. It is a malware that puts users’ privacy at risk and over time has been improving the way to attack. In this article we echo a news item that reports on how you have added a new technique. Now check the screen resolution to evade analysis.
TrickBot analyzes resolution to bypass security
We constantly see progress in terms of computer security . New tools emerge that we can install on our systems, more effective software to detect problems. Now, hackers also hone their attack techniques. They always look for a way to hide, to penetrate systems to achieve their goals.
In this sense, TrickBot is a threat that is frequently updated to avoid detection and compromise its victims. Now this Trojan has started to check the screen resolution of the computer to know if it is running in a virtual machine.
Security researchers often use virtual machines to analyze malware. These tools have different analysis functions and specialized software. Many varieties of malicious software have anti-virtual machine techniques to search for specific processes, computer names, MAC address, the characteristics of the CPU …
But now TrickBot adds something else: analyzing the screen resolution . It is a new technique that this popular Trojan has included to know if it is in a virtual machine or in a normal computer. Security researchers generally use a different screen resolution on these virtual machines than they do for testing.
The normal thing is that a virtual machine works at 800 × 600 or 1024 × 768, something much lower than the resolution of a normal screen. This is analyzed by malware and determined where it is. Does it mean that if we use those lower screen resolutions we are safe? According to security researchers, in that case the malware would not run.
TrickBot, much more than a Trojan
Keep in mind that TrickBot started out as a banking Trojan. A threat that sought to steal information from users. One more of the many that we can find on the net.
However, with the passage of time he has been perfecting his attacks. Now it is much more than a simple banking Trojan and this makes it a very important problem to consider. We must always take steps to avoid falling victim to this threat.
Something basic and that we always recommend is to have security tools . A good antivirus can protect us not only from this malware, but from any other threat on the network.
We must also always have updated systems . Having the latest security patches will be essential if we do not want to suffer problems. Sometimes vulnerabilities arise that can be fixed.
But surely the most important thing is common sense . Many such attacks are caused by errors made by users.
